Cracking 2

home *** CD-ROM | disk | FTP | other *** search

/ Cracking 2 / Cracking II..iso / Tools / ProcDump 1.6.2 / HISTORY.TXT < prev next >

Wrap

Text File | 2000-01-17 | 24.4 KB | 556 lines

History : ───────── version 1.6 Ultra 2 [01-17-2000] - NT/NT2K fixup. ■ CodeShot + Updated Task/Mod init code to run correctly under NT2K. (01-13) + Fixed up an obvious bug that avoided to snapshot modules (01-17) correctly ! Thanx to Elicz for spotting this (I was surely tired when i wrote this). ■ Unpackers + Added Aspack 2000 support. (01-05) ■ Documentations + Updated ProcDump user manual. (01-17) + Updated Unpack.txt. (01-17) + Updated history.txt. (01-17) version 1.6 Ultra 0 [12-17-1999] - FINAL AND LAST VERSION. ■ CodeShot 9x *+ Added a new dumper code with full memory range support (09-20) *+ Updated dumper to support 95 OS. (09-26) ■ Phoenix + Changed a bit the Rebuilder code... nothing u will see ;) (09-16) + Added intelligent new import table stamper. (09-26) + Updated the import rebuilder code : no need anymore to run (09-27) ProcDump32 from the target folder to have "perfect" Imports. + Enhanced Rebuild Import (Mode2) : Detect accurately old import (10-04) table if still present. No more using crappy heuristics ;). + Added a Zero fill in PE loader code... Solve some issues. (10-04) + Fixed Merge Section code... Nobody noticed, hummmmm. (10-07) + Fixed bugs linked to new import table stamper. (10-18) + Fixed a stupid bug (a test !!) in forwarded API scanner. (11-21) Thanx to bunter for spotting the pb :). + Enhanced Thunk scanner again... Reliability improved MUCH !! (11-28) ■ Shiva + Added Wildcard support in LOOK command (12-17) You can say big thanx to Groo for suggesting this :). + Added Un/Conditionnal jump commands (12-17) + Added Quit command due to above additions (12-17) Check Aspack 1.08.4 script for new command usage. BTW: Yes I know that a LOOK ?,C3 can be optinized to LOOK C3 :). ■ PE Editor + Added & Modded AddSection Code to PE header from Lucifer48. (10-04) ■ Unpackers + Added PE Compact support (09-18) + Checked PE-Diminisher - Use STANDARD unpacker. (09-18) + Added Petite 2.1 bhrama plugin (C) Kill33x (09-18) + Updated UPX script a bit, thanx To the Owl :). (11-13) + Added Unaspack 1.08.04 support. (xx-??) + Revamped some script... (12-17) ■ GUI ! Fixed up some Dialogs to be 100% modal. Thanx to Muffin ;) (10-04) ■ Documentations + Added EndOfPd.txt explaining why it stops here. (12-17) + Updated Unpack.txt. (09-18) + Updated Script.txt. (12-17) + Updated history.txt with a special care for dates format. (12-17) Thanx to The Owl for this :) * Ultra Only version 1.5 build 0 [07-18-1999] - Public ■ Bhrama + AutoFix PE is set by default. (04-18) + Added C source code for client from CyndiG. (04-18) + Allowed Bhrama Name change on The Owl request ;). (07-13) + Auto detection of EIP style (RVA/VA) to help plugin writers. (07-13) Hi Owl, Pedro, Zobel, & the others ;). + Added a new check box to override uploaded options. (07-16) Requested by The Owl :) ■ Phoenix ! Fixed a copyright string ;). (04-05) + Enhanced Import Rebuilder - Name scanner enhanced. (04-14) ! Added a data read checker in forward API scanner. (05-13) + Increased Attempts in Thunk Scanner (05-17) + Enhanced module detector. (05-17) + Added a more efficient module scanner in Rebuild mode 1&2. (06-16) + Revamped Import rebuilder for Mode 1&2 (06-21) Thanx to Vtec & Beowulf for their massive testing ;). + Updated Header updater code to support some WATCOM PE (06-22) Thanx to Vtec [Laxity] for showing me those fucking PE !! + Fixed a lame crashing bug in Create New Import mode. (06-27) Thanx to RiDDLER to spot me the bug ;) + Added unwrapping code when in Debug mode. (07-05) Change needed to support unVBOX42 from Zobel. ■ Shiva + Now in case of PageFault, the Mem is saved to ur convenience. (06-12) ■ Unpackers + Added support for CodeSafe 3.X. Thanx to Ethan for his script! (04-07) + Added support for Neolite 2.0. Job made by Lorian (04-10) + Added support for Aspack 1.08. Job made by Lorian (04-10) + Added support for Aspack 1.08.02. Job made by Lorian (04-18) + Added support for Petite 2.0. (04-25) + Modified WWPACK32 II to support 1.12 & above. (04-25) Hint for what to modify By beast. + Added Sentinel Unshell from SuperLuck [X-FoRCe] (04-05) + Added PKLiTE32 unpacker (05-24) + Added PETiTE 2.1 Preliminary "unpacker" (06-01) + Added PCShrink unpacker (06-14) + Added PCGuard 2.10 unpacker. Job made by Lorian (06-21) + Added Aspack 1.08.3 unpacker. Thanx to Alexander Kirillov (06-28) + Added Shrinker 3.4 FULL remover. (07-05) + Added unVBOX42 from Zobel [PC]. (07-06) ■ ProcDump + Added a new param in script.ini, can be usefull sometimes ;) (05-03) Thanx to MrNop for pointing me out such "ADT" long time ago ;). + Fixed a small GUI bug in options dialog. Thanx To Beowulf ;). (05-20) + Added even more features linked to new ini param. (07-01) + Randomized some names for some ProcDump mode. (07-04) ■ Documentations + Updated a wanted text file. (07-17) + Updated ProcDump user manual. (07-17) + Updated unpacker informations file. (07-17) + Updated Bhrama server documentation. (07-17) version 1.4 build 0 [04-02-1999] - PUBLIC ■ Shiva + Changed Internal Resume of Event. (02-28) ■ Phoenix + Enhanced Import Rebuilder (DLL collision solved !) (01-17) ! Fixed up that stupid ImageSize Increase ;). (01-21) + Added the possibility to force PE Header Restore. (03-20) + Forwarded API support added (NT compliance is better ;) (03-20) ■ Unpacker + Added SoftSentry unpacker 2.11 (01-22) Thanx to Duckling Duck for giving me uRL & his script for 2.1. + Updated Aspack unpacker (Thanx to Owl !!) (02-07) + Explained in unpack.txt how to nuke ISR2 "protection" scheme (02-15) Awards 99 of the more stupid protection SCHEME. + Neolite/Hasiuk small update (header trick defeated). (03-20) ■ Bhrama Dumper Server + Initial Code Added (0.1) (02-11) Another major evil thought from Stone and Added in ProcDump By G-RoM ;). + Enhanced server protocol (0.2) (02-14) + Client sample code is ready by Stone/G-RoM (02-25) + External upload of options allowed & working ;). (03-09) + Enhanced server protocol (0.3) (03-09) + Added securom unwrapper plugin (C) Pedro [Laxity] (03-20) + Updated securom unwrapper plugin (C) Pedro [Laxity] (03-30) ■ ProcDump ! Added a check for Support file (Thanx to Bunter). (02-08) ■ Documentations + Added a wanted text file. (04-02) + Added a license agreement. (03-28) + Updated ProcDump user manual. (04-02) + Updated unpacker informations file. (04-02) + Added "Bhrama server" documentation. (03-09) version 1.3 build 0 [01-17-1999] - PUBLIC ■ Process Monitor + Added Possibility to consult PE infos of a given Process (12-23) Original Idea : NetWalker ■ Phoenix ! Fixed a scan buffer routine when using Create new import. (12-01) - Removed the use of Load/FreeLibrary. (11-30) + Added my own Code for loading/freeing library. (11-30) ! Fixed a bug in function name scanner. (12-02) ! Fixed a bug in GetProcOrd code (due to new LoadLibrary). (12-08) + Added a new PE Optimizer code. (12-29) + Added a new method for banner stamping (12-29) + Added a Code Size Section optimizer. (12-29) ! Added an object virtual updater.... just in case ;) (12-31) + Added a message when Import table can't be handled (01-05) + Added a zero set in a certain location nobody cares really (01-15) ■ Shiva + Prepared VXD support. (12-01) + Prepared External Helper support. (12-01) + Explicit error message when an error occured in script. (12-02) ! Ooppps, fixed the behaviour for Multilayer confirmation. (12-07) + Added experimental Ring 0 Tracer (YEAHHHHH !!! ooopps sorry ;) (12-08) -> Trace WWPACK32 in a few SECs !!! + Added External Helper Support. (12-08) -> Can do a specific task that can't be done with ProcDump or that will help unpacking process. + AutoConfiguration for well-known packers. Override is allowed. (12-10) ! Fixed NT fucking ContinueDebugEvent pb... Holly shit NT SUXX ! (12-21) + Added a routine for WIN9X to hide debugger to host ;) (12-21) I had this idea since a while But I used bad method. Thanx to NetWalker for giving me the right one ;). + Enhanced PreDump security (There since 1.1.6, but ... ahem ;) (12-21) + Changed the script error handler to be more explicit. (01-04) + External helper command line contains now path to INI file (01-04) Requested by Pedro ;). + KMD tracer support added (01-13) + Changed first event handling (01-16) + Added BPC command (01-16) + Added BPV command (01-16) + Enhanced BPF command (01-16) ■ Shiva II - WIN9x OS + Ring 0 preliminary tracer done by Stone. (12-08) ! Fixed Ring 0 tracer - Works fucking nice !! (01-04) Many many thanx to The Owl for the debugging !!!!!! + Added New Ring 0 dump criteria (01-06) + Added some code emulation (01-06) ! Fixed up the Segment shit (01-10) ■ Shiva II - WINNT OS + preliminary KMD tracer done by Lorian (thanx mate !!) (01-10) ■ ProcDump + Changed the main code to use a randomized CLASS name ;) (12-31) Many thanx to Fresh for infos and NetWalker for a NEAT code !! + Changed some code to allow Main title customizable ;) (12-31) ! Fixed a lame dialog end loop routine (01-13) (internal - You can't notice ;) ! Fixed internal Path handler (now Root is allowed ;) (01-16) ■ Unpacker + SoftSentry is supported by unknown method (someone told me). (12-06) + VGCrypt 0.6 is supported by unknown method with ignore faults. (12-07) + Added UPX unpacker (tested with 0.46) (01-02) + Updated NeoLite/Hasiuk unpacker (Neolite 1.04 fully supported) (01-02) + PE-PROT 0.9 is supported under W9X with R0 mode. (01-10) + PELOCKnt is traced under W9X with R0 mode (01-10) (REAL support will come later !). + Added ASPACK unpacker (01-15) ■ Documentation + Updated "How to Unpack" file (01-16) + Updated "Script reference" file (01-16) + Updated "ProcDump user manual" file (01-14) version 1.2 build 0 [11-29-1998] - PUBLIC ■ Phoenix + Added an header optimizer code to avoid some non paged area. (11-25) + Enhanced a bit the code style ;). (11-25) + Enhanced Import Table rebuilder criterea (11-29) ■ Shiva + Added WALK command. (11-28) + Added EIP command. (11-28) ■ Unpackers + Added Petite second version support. (11-29) ■ PE Header editor + Added the possibilty to save a section to disk. (11-29) + Added the possibilty to load a section from disk. (11-29) ■ ProcDump + Changed some resources ordering. (11-29) ■ Documentation + Added comments about check header sections (11-29) + Updated "How to Unpack" file (11-29) + Updated "Script reference" file (11-29) version 1.1 build 6 [11-03-1998] - PUBLIC ■ ProcDump + Changed some resources ordering. (10-18) + Fixed the syslist column resizing pb (10-27) ■ CodeShot + Enhanced dump security. (10-31) ■ Shiva + Added Ignore of faults (Stone found how to do it!) (11-03) - Removed breakpoint hit (Ignore faults does the same & more) (11-03) + Enhanced Dump security after unpack. (11-03) ■ Unpacker + 100% support of VBOX any version & build (11-03) + TimeLock 3.x support. Same as VBOX ;) (11-03) + Shrinker 3.2 supported [Ignore faults required !] (11-03) + May be some others... Ignore faults rulez ;) (11-03) + PE-Pack support.... (11-03) ■ Documentation + Comments about Ignore Faults (11-03) + Unpack file updated (11-03) version 1.1 build 5 [10-17-1998] - PUBLIC ■ Documentation ! Fixed a small mistake. (10-17) + Changed File_ID.DIZ so that some SITEOPs can't use BUILD (10-17) NUKE reason (some are really stupid !!!). Pffff.. They are too lazy to do a real DUPE check. ■ ProcDump + Added some check about windows centering. (10-17) + Added some screen refresh. (10-18) ■ CodeShot + Module Dumper reactivated ;). (10-17) + Module Partial Dumper added. (10-17) version 1.1 build 4 [10-11-1998] - PUBLIC ■ Phoenix + Enhanced IAT detector criterea (10-11) ■ Shiva + On error while reading process memory in final step, Display (10-11) the original EIP we fetched and Error Code. ■ Unpacker + VBOX problem analyzed. Seems the wrapper is tricky : It tries (10-11) to use Int 3 backdoor to detect SoftICE. Seems to coz a part of the code layer (including EIP code start) to not be decrypted while tracing code to get Original EIP & Clean Data section. => Make a dump and stamp the crypted part... Suxxxx but Works ;). version 1.1 build 3 [10-06-1998] ■ Shiva + Added OBJR command (10-06) + Added BPREG command (10-06) - Removed range checking option (useless) (10-06) + Added Breakpoint Hit checking option. (10-06) ■ Unpacker ! Modified VBOX script (10-06) But still doesn't work with dialog VBOX. version 1.1 build 2 [10-04-1998] ■ PE header editor + Now you can choose between Header only and File modifications. (10-04) ■ Phoenix ! Changed internal module snapshot. (10-03) ! Fixed a small bug in DLL detector. (10-04) + New rebuilder code works. (10-02) + Create a brand new import section for trashed PE. (10-02) ■ Unpackers + Added FAST support for VBOX appz. (09-28) I will look for TimeLock fast support soon. + Added WWPACK32 universal remover [Type I & II]. (09-22) version 1.1 build 1 [09-21-1998] ■ Team - ProcDump Coders + Added Riz La+ in interface coding section ■ PE Header editor + Added a PE infos editor. (09-11) + Added a Directory editor. (09-11) + Added a section editor. (09-11) ■ CodeShot - Task/module handler Translated in ASM32. (05-19) + Added a snapshot descriptor free (07-23) + Cleaned up the code (08-18) + Raw/Partial dump (09-12) + Auto Refresh on task kill (09-21) > ProcList external tool is 100% asm. ■ Phoenix - PE Rebuilder Code converted in ASM32. (05-24) + Added the possibility of using actual import dir infos. (06-18) + Added a global most secure error handling. (06-18) + Added a valid header check (for already Working PE file). (06-25) + Added a PE Structure compactor. (06-25) + Added a new Signature stamper. (06-25) + Added a PE loader, now any PE file should load ! not only the (06-28) memory dump you should have done. + Added a Merge Section Code. (07-10) + Added a new IAT table Start & Size detector. (07-16) + Added an "intelligent" dummy thunk skipper. (07-29) + Added an Import DLL directory builder. (07-16) + Added a Reloc check & fix in MZ header for IDA STUPID LOADER. (08-03) + Enhanced the PE/RAW file detector. (08-03) + TLS section autoskip (08-21) + Enhanced the PE loader [virtual/physical size auto choice] (08-23) + Fixed a small bug in PE Loader code (09-19) + Fixed a bug in Section RVA detector (09-19) + Enhanced the import table rebuilder (Name completion) (09-19) > MakePE external tool done for GTR95 project. ■ Shiva - Script & Trace engine translated in ASM32. (06-14) + Skip of Script errors (Secured System). (06-14) + Code Tracer Works (07-31) + More Debug Output (09-12) + External Predump reenabled. (09-19) You can even supply the Target file to rip import infos ;). > UnpackPE 1.02 is 100% working, and better than ProcDump B2R3 (08-28) ■ ProcDump - Interface Translated in ASM32. (09-07) + Syslist fill. (09-12) + Syslist module auto refresh on click (09-16) + Graying Cancel button when Unpack is canceled (09-17) + Auto Center for File dialog enhanced (09-21) ■ Reorganized internal data structures. (06-08) ■ Unpackers + Added Universal support for WWPACK32 x.xx including 1.11. (09-18) + Added special support for WWPACK32 1.10 release. (09-18) + Neolite support tested on 1.01. Still work ;) (09-18) ────────────────────────────────────────────────────────────────────────────── OLD Generation - Delphi + Inline ASM code - No more really updated. ────────────────────────────────────────────────────────────────────────────── version 1.0 Beta 2r3[xx-xx-1998] (quick update). ■ NT4 compliant again - r2 wasn't :( (08-23) ■ Added CleanUp for SnapShot (internal code) (08-23) ■ Fixed a small script parser bug. (08-23) ■ Changed a command name : SUB -> DEC (07-01) ■ Added a TLS section autoskip (08-21) ■ Added support for Petite x.xx (08-18) ■ Added support for NeoLite 0.xx (08-18) ■ Added support for Manolo (07-01) ■ Added support for HASIUK Packed file (activision use it). (06-18) ■ Added support for Securom "protected file" (Sony dreams ;). (06-18) ■ Securom support works too with Louis Cryptor ;) Hiho bunter ;) (06-18) ■ Added a new option for import table rebuild. (06-18) ■ Enhanced Tracer dump criterea. (06-18) version 1.0 Beta 1 [05-26-1998] - Public ■ Added Script Tracer (95%). (04-23) ■ Finished the script tracer ;) (05-05) Check script.[ini|txt] for details. ■ Added support for PESHiELD due to script tracer ;) (05-05) ■ Added NT<5.0 support (not exactly the same as 95,98&NT5) (05-07) ■ Added some unpacking options for experts. (05-07) ■ Added an option manager (option button). [for expert !] (05-03) Actually it means me ;) U should never change advanced options ! ■ Added IAT recomputer and Improved Import Scanner (05-24) ■ Changed the way of unpacking (trace & fast). More convenient. (04-28) check doc about trace & fast unpacking. ■ Changed About box activation - by click on Logo now. (05-03) ■ Disabled the maximize button (thanx Nop ;) (05-04) ■ Disabled all button for all dialogbox. (05-16) ■ Started the anti SEH things. (04-30) ■ Optimized some functions calls and code. (05-21) ■ Fixed a little bug in import rebuilder. (05-22) ■ Fixed an index in name scanner (OOOooooppps !!!) (05-26) ■ Fixed the Process Termination after trace/unpacking. (05-07) ■ Fixed the Process Kill Command (now we wait full death) (05-07) ■ Fixed Process Display after a KILL (05-20) ■ Fixed a Code Fault that may have occurred (never got it anyway) (05-07) ■ Fixed the temporary dump delete if unpack failed (05-16) ■ Fixed in module view a cosmetic bug (05-20) ■ Fixed the Write error pb when Trace was canceled (05-20) ■ Fixed the kill message (app name was missing) (05-20) ■ Cleaned up resource file (05-26) ■ Updated the whole documentation due to many changes. (05-05) ■ Updated the script documentation. Someone Asked me ;) (04-27) version 1.0 Alpha 9 [04-20-1998] - Public (04-23). ■ Added some sanity check about non PE header. (04-10) ■ Added Module lister for a given process. (04-12) ■ Added Module Dumper. (04-12) ■ Added Header Full rebuilder when destroyed. (04-13) ■ Added Fast unpacker for a few packers. (04-15) ■ Import Rebuilder 100% working [many things fixed] (04-20) Rebuild ordinal for crashed import table at runtime. ■ On successfull unpack, display EIP before Jump. (04-15) ■ Some cosmetic changes. (04-13) ■ Source code cleaned up a little. (04-13) I know, I know : u don't care ;) ■ Optimized a little the code size. (04-12) ■ Helped a little the garbage collector...ooopps ;) (04-20) ■ Updated the documentations (04-20) version 1.0 Alpha 8 [04-06-1998] - Public ■ "Public" version ;) For those who knows how/why to use this. ■ Changed a bit the object size updater. ■ On failure, Display EIP we where. ■ Terminate correctly in all cases now (Trace)... except if Win crash ;) ■ Exe Size reduced. ■ New GFX added ;) version 1.0 Alpha 7 [03-27-1998] ■ Changed the debug tracing interception mode. ■ Eip no more destroyed in dump & reload mode. ■ First version WITH a working PE unpacker !! ■ Fixed a little bug in import rebuilder. ■ Removed "always on top" feature... was annoying. version 1.0 Alpha 6v[03-26-1998] ■ Visual Progression of the tracer so that u can know if we are killed or not. ■ Some others minor things. version 1.0 Alpha 6 [03-24-1998] ■ Tracer Code fixed and more secure - no more Reboot32 code ;). ■ Traps for ACCESS_VIOLATION ■ Traps when Process is out of itself !! version 1.0 Alpha 5 [03-23-1998] ■ Tracer Code added [TO DEBUG] !!Don't use if u don't know what u do!! Means : Only if u are called Stone or G-RoM ;). Actually it is nearly a Reboot32 Code ;). version 1.0 Alpha 4 [03-20-1998] ■ DLL export analyzer enhanced. -> ordinal export supported in import rebuilder [Ex: kernel32.1 allowed]. ■ Memory leak fixed. ■ Load External option fixed (ahem....forgot a boolean test !). ■ Mangled import function restore. See Special Section. version 1.0 Alpha 3 [03-19-1998] ■ DLL name autorestore. ■ IAT special entry pb solved. version 1.0 Alpha 2 [03-18-1998] ■ New import section detector (generic). ■ Header rebuild 100% okay now [bss always 0 !] ■ Some checks were added just in case. version 1.0 Alpha [03-13-1998] ■ Import loader now rebuild a valid import table, import by Name is always tried before by ordinals. version prealpha [03-08-1998] ■ External Buffer conversion added. version 0 [03-03-1998] ■ Interface done ■ Translated my win32 asm prototype in inline asm under delphi. ■ File dump at exact size works now.